<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Crash when kernel debugging OS X after hitting breakpoint several times"

   href="https://bugs.llvm.org/show_bug.cgi?id=50958">50958</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Crash when kernel debugging OS X after hitting breakpoint several times

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>lldb

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>12.0

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>MacOS X

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>All Bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>lldb-dev@lists.llvm.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>tobaljackson@gmail.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>jdevlieghere@apple.com, llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Hello,

I'm currently using lldb-1205.0.27.3 on host OS X 11.3.1 to kernel-debug an OS

X

guest (version 11.4) running under VMWare Fusion 12.1.2, and am reliably

crashing any time I hit a breakpoints more than ~15 times. This issue was

similarly reproducible on an identical guest version (11.3.1) as the host, but

I

upgraded the guest to see if that had any effect on the crashing (it didn't).

I've reproduced the crash using both the gdb-stub facility provided by vmware

(gdb-remote 8864), as well as performing regular network-based debugging (lldb

-o "kdp-remote <ip address>").

Each time I try to hit a breakpoint more than ~15 times and a crash occurs, the

backtrace looks similar to the one reproduced here:

----------------------------------------

<truncated>

(lldb) c

Process 1 resuming

Process 1 stopped

* thread #22, name = '0xffffff86986ec640', queue = 'cpu-1', stop reason =

breakpoint 1.1

    frame #0: 0xffffff8020c814f4 kernel`mach_msg_trap(args=0xffffffa06e3fbf00)

at mach_msg.c:725:16 [opt]

Target 0: (kernel) stopped.

(lldb) c

Process 1 resuming

(lldb) PLEASE submit a bug report to <a href="https://bugs.llvm.org/">https://bugs.llvm.org/</a> and include the

crash backtrace.

0  lldb                     0x000000010a227de5

llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 37

1  lldb                     0x000000010a2274e5 llvm::sys::RunSignalHandlers() +

85

2  lldb                     0x000000010a228646 SignalHandler(int) + 262

3  libsystem_platform.dylib 0x00007fff20451d7d _sigtramp + 29

4  libc++.1.dylib           0x00007fff203a3535

std::__1::recursive_mutex::unlock() + 9

5  LLDB                     0x000000010a718745

lldb_private::ThreadPlan::PlanExplainsStop(lldb_private::Event*) + 37

6  LLDB                     0x000000010a70e6bf

lldb_private::Thread::ShouldStop(lldb_private::Event*) + 1151

7  LLDB                     0x000000010a716786

lldb_private::ThreadList::ShouldStop(lldb_private::Event*) + 822

8  LLDB                     0x000000010a6c36d4

lldb_private::Process::ShouldBroadcastEvent(lldb_private::Event*) + 436

9  LLDB                     0x000000010a6bfd49

lldb_private::Process::HandlePrivateEvent(std::__1::shared_ptr<lldb_private::Event>&)

+ 265

10 LLDB                     0x000000010a6c4518

lldb_private::Process::RunPrivateStateThread(bool) + 1496

11 LLDB                     0x000000010a6c3b05

lldb_private::Process::PrivateStateThread(void*) + 21

12 LLDB                     0x000000010a6048a7

lldb_private::HostNativeThreadBase::ThreadCreateTrampoline(void*) + 103

13 libsystem_pthread.dylib  0x00007fff2040c954 _pthread_start + 224

14 libsystem_pthread.dylib  0x00007fff204084a7 thread_start + 15

[1]    84306 segmentation fault  lldb

----------------------------------------

Here I set the breakpoint on mach_msg_trap and just hit 'c'ontinue 15 times

until a crash.

Some additional information from connecting to the guest (after gdb-remote or

lldb -o "kdp-remote <ip>"):

================================================================================

WARNING: Python 2.7 is not recommended. Future versions of lldb will not

support Python 2.7.

(lldb) gdb-remote 8864

Kernel UUID: 52A1E876-863E-38E3-AC80-09BBAB13B752

Load Address: 0xffffff8020c10000

Loading kernel debugging from

/Library/Developer/KDKs/KDK_11.4_20F71.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/Python/kernel.py

LLDB version lldb-1205.0.27.3

Apple Swift version 5.4 (swiftlang-1205.0.26.9 clang-1205.0.19.55)

settings set target.process.python-os-plugin-path

"/Library/Developer/KDKs/KDK_11.4_20F71.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/Python/lldbmacros/core/operating_system.py"

Target arch: x86_64

Connected to live debugserver or arm core. Will associate on-core threads to

registers reported by server.

settings set target.trap-handler-names hndl_allintrs hndl_alltraps

trap_from_kernel hndl_double_fault hndl_machine_check _fleh_prefabt

_ExceptionVectorsBase _ExceptionVectorsTable _fleh_undef _fleh_dataabt

_fleh_irq _fleh_decirq _fleh_fiq_generic _fleh_dec

command script import

"/Library/Developer/KDKs/KDK_11.4_20F71.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/Python/lldbmacros/xnu.py"

xnu debug macros loaded successfully. Run showlldbtypesummaries to enable type

summaries.

settings set target.process.optimization-warnings false

Kernel slid 0x20a10000 in memory.

Loaded kernel file

/Library/Developer/KDKs/KDK_11.4_20F71.kdk/System/Library/Kernels/kernel

Loading kernel debugging from

/Library/Developer/KDKs/KDK_11.4_20F71.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/Python/kernel.py

LLDB version lldb-1205.0.27.3

Apple Swift version 5.4 (swiftlang-1205.0.26.9 clang-1205.0.19.55)

settings set target.process.python-os-plugin-path

"/Library/Developer/KDKs/KDK_11.4_20F71.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/Python/lldbmacros/core/operating_system.py"

Target arch: x86_64

Connected to live debugserver or arm core. Will associate on-core threads to

registers reported by server.

settings set target.trap-handler-names hndl_allintrs hndl_alltraps

trap_from_kernel hndl_double_fault hndl_machine_check _fleh_prefabt

_ExceptionVectorsBase _ExceptionVectorsTable _fleh_undef _fleh_dataabt

_fleh_irq _fleh_decirq _fleh_fiq_generic _fleh_dec

command script import

"/Library/Developer/KDKs/KDK_11.4_20F71.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/Python/lldbmacros/xnu.py"

xnu debug macros loaded successfully. Run showlldbtypesummaries to enable type

summaries.

settings set target.process.optimization-warnings false

Target arch: x86_64

Connected to live debugserver or arm core. Will associate on-core threads to

registers reported by server.

Loading 132 kext modules

-----.-------.------....-------------.-------..----.-------------------------.....--------------.---.-----.----.---.--.-------------

done.

Failed to load 111 of 132 kexts:

<truncated>

================================================================================

Please let me know if you'd like any additional information.

Thank you</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>